1. When first setup we used a default AD query, so we imported alot of users we do not need. It it possible to modify the query to remove all thoes and only leave users in the right OU?
2. How frequently does the AD integration sync users?
3. What happens if an existing AD user has changes, example a new phone number, do these changes get updated for the user in purecloud?
4. If we manually import a user, can the AD sync overwrite it?
5. When users are removed for AD, will it be deleted in Purecould or will it stay "untouched"?

The are numerous ways to modify the LDAP query to limit the number of users returned and therefore added to PureCloud. For example adding (manager =*) will only select users that have a manager. There are numerous websites that describe in detail how to use LDAP queries with AD.

The frequency Sync operations with AD is controlled by a delay in seconds specified in the connector configuration. Typically synchronizing once an hour is sufficient for most companies.

The AD connector will recognizes changes for any user in PureCloud or AD. These changes are propagated to the other system depending on the configuration. For example: it might be desirable to have a user's title sync only from AD to PureCloud, their work phone to update in either direction and have their cell phone updated only from PureCloud to AD. This is fully configurable in the connector UI.

If a user is added to PureCloud manually then the AD connector will ignore it. However, if the user has the same email address in PureCloud and AD then the AD connector will take over synchronization of that user.

Users created in PureCloud by the AD connector will be deleted from PureCloud if and when they are deleted from AD. Note "deleted from AD" technically means no longer shows up in an LDAP query.

Patrick,

I would suggest reading through all of the documentation for the AD data sync connector on the resource center: https://help.mypurecloud.com/articles/active-directory-connector/

This documentation specifically addresses most of your questions (Sync interval is a configuration setting, delete operations are configurable, write direction and "tie" resolution are configurable).

If you make a mistake with your initial LDAP query then modifying the query and allowing the connector to re-sync will remove the "old" users (from the first LDAP query) and create the new users (from the new LDAP query). Users that returned by both queries will only be updated (if you have an update task setup in your connector configuration).

The question about manually creating a user and having the sync overwrite it is somewhat complicated, as it's dependent on your configuration. If you have two way sync enabled, then creating the user in PureCloud will create that new user in AD, at which point the integration will keep the two systems in sync. If the sync is configured as one way ex2in (AD syncs in to PureCloud), then creating a user in PureCloud will not affect AD in any way; it's important to note this user will also not be affected by changes to the integration (like a change to the LDAP query). In general the sync integration only manages users it "owns" (meaning it has created or are covered by its updates); users outside of that scope will be left unchanged and must be manually managed.

AD integration is tricky, its also very messy to clean up.

In our experience we had to write an LDAP query to remove the entry, then we had to create a unique OU and only pull from that OU to Purecloud. Our customer inadvertently turned on the AD connector and pulled 70,000 customers from the OU and they only needed 500.

Alonso M

Adapt Telephony Services

Patrick,

I need to correct something I said earlier. While some of our Data Sync connectors support creating and deleting users in external systems, the AD connector does not. Sorry for any confusion this might have caused.

Hello Richard,

I've accidentally sync too many users too.

Just to clarify, changing the LDAP query to be more restrictive does not delete the users, is that it?

Is there any way of deleting them?

Via REST API I can only change their state to "deleted".

Regards,

Daniel